summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndre McCurdy <armccurdy@gmail.com>2016-01-13 19:35:09 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-01-19 17:37:23 +0000
commitd0dfd7bf9b2d6fb269f4d9b62263fd7ccc805fde (patch)
treeac16f102d10d10c978f29671d49d2e7397619fc0
parent39912b5f7b40210aefb8b248ab1a8643b61dfcbc (diff)
downloadopenembedded-core-d0dfd7bf9b2d6fb269f4d9b62263fd7ccc805fde.tar.gz
openembedded-core-d0dfd7bf9b2d6fb269f4d9b62263fd7ccc805fde.tar.bz2
openembedded-core-d0dfd7bf9b2d6fb269f4d9b62263fd7ccc805fde.zip
security_flags.inc: remove obsolete workarounds for curl
The curl configure script contains sanity checks for unexpected options being passed via CFLAGS, LDFLAGS, etc. environment variables. These sanity checks catch -Dxxx options in CFLAGS, which clashes with OE's approach of using CFLAGS to pass -D_FORTIFY_SOURCE (curl's configure script suggests, quite correctly, that -Dxxx options should be passed via CPPFLAGS instead). These sanity checks previously generated fatal errors, but have been downgraded to warnings since curl v7.32. Therefore the workaround of avoiding -D_FORTIFY_SOURCE for curl is obsolete and can be removed. https://github.com/bagder/curl/commit/5d3cbde72ece7d83c280492957a26e26ab4e5cca Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
-rw-r--r--meta/conf/distro/include/security_flags.inc4
1 files changed, 0 insertions, 4 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 1795750fb3..ac4fc65a6f 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -28,11 +28,7 @@ SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-coreutils = "${SECURITY_NO_PIE_CFLAGS}"
-# Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned
-# to CPPFLAGS it gets picked into CFLAGS in bitbake.
-#TARGET_CPPFLAGS_pn-curl += "-D_FORTIFY_SOURCE=2"
SECURITY_CFLAGS_pn-cups = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-curl = "-fstack-protector-all -pie -fpie"
SECURITY_CFLAGS_pn-db = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-directfb = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-glibc = ""